Hi all. Needing some help with remote access into a 5505. I can VPN in just fine, I just can't seem to pass any traffic. When I do a "sho cryp ipsec sa", I see traffic being decrypted, but I do not see any traffic being encrypted back to me. I attached my config; could I get some help from you guys to see where I have gone wrong? I appreciate it, as always.
This is happening because the ASA also has an L2L tunnel, and you are using the same access-list for NAT 0 and as the crypto ACL for the L2L tunnel:
nat (inside) 0 access-list tocw
crypto map outside_map 10 match address tocw
So the traffic you are sending from the VPN client is actually returning back to the L2L tunnel.
Do the following:
Create a separate access-list for the L2L tunnel, specifying only the traffic specific to the L2L tunnel.
You have to check the remote side, but I think your crypto ACL for the L2L tunnel would be:
access-list VPNACL extended permit ip 192.168.201.0 255.255.255.0 192.168.73.0 255.255.255.0
no crypto map outside_map 10 match address tocw
crypto map outside_map 10 match address VPNACL
Your L2L tunnel will come down when you make the changes, so make the necessary arrangements.
Check and post the results.
Pls rate helpful posts
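
An added example, not part of the thread and not Cisco tooling: a small Python check that flags any ACL referenced both by a `nat (...) 0 access-list` exemption and by a `crypto map ... match address` line, which is the overlap the answer describes. The sample config is constructed; only the ACL names and command forms come from the thread, and the 10.10.10.0/24 client pool is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample (not the poster's attached config). The second ACE stands
# in for a NAT exemption toward an assumed remote-access pool, 10.10.10.0/24.
SAMPLE_CONFIG = """\
access-list tocw extended permit ip 192.168.201.0 255.255.255.0 192.168.73.0 255.255.255.0
access-list tocw extended permit ip 192.168.201.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list tocw
crypto map outside_map 10 match address tocw
"""

# The same config after the change suggested in the answer.
FIXED_CONFIG = SAMPLE_CONFIG.replace("match address tocw", "match address VPNACL") + (
    "access-list VPNACL extended permit ip "
    "192.168.201.0 255.255.255.0 192.168.73.0 255.255.255.0\n"
)

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)", re.M)
ACE_RE = re.compile(r"^access-list (\S+) extended (.+)$", re.M)


def shared_acls(config):
    """Return details for every ACL used both for NAT 0 and as a crypto ACL."""
    nat0, crypto, entries = defaultdict(list), defaultdict(list), defaultdict(list)
    for iface, acl in NAT0_RE.findall(config):
        nat0[acl].append(iface)
    for cmap, seq, acl in CRYPTO_RE.findall(config):
        crypto[acl].append(f"{cmap} {seq}")
    for acl, rule in ACE_RE.findall(config):
        entries[acl].append(rule.strip())
    # An ACL in both sets means every NAT-exempt flow is also a candidate
    # for that crypto map entry, including replies to VPN clients.
    return {
        acl: {"nat0": nat0[acl], "crypto": crypto[acl], "entries": entries[acl]}
        for acl in sorted(set(nat0) & set(crypto))
    }


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        hits = shared_acls(cfg)
        print(label, "->", "no shared ACLs" if not hits else hits)
```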